Bug 1268126 - system:admin requiring password
system:admin requiring password
Status: CLOSED CURRENTRELEASE
Product: OpenShift Container Platform
Classification: Red Hat
Component: Auth (Show other bugs)
3.0.0
Unspecified Unspecified
unspecified Severity low
: ---
: ---
Assigned To: Jordan Liggitt
weiwei jiang
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-01 17:22 EDT by Ryan Howe
Modified: 2016-10-30 18:54 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-01-29 15:58:31 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ryan Howe 2015-10-01 17:22:48 EDT
Description of problem:
system:admin requiring password when starting fresh with a copied version of admin.kubeconfig

Workaround is to use the -u option the first time. 

Version-Release number of selected component (if applicable):
3.0.2

How reproducible:
100% 

Steps to Reproduce:

[root@master ~]# rm .kube/config
rm: remove regular file ‘.kube/config’? y

[root@master ~]# cp /etc/openshift/master/admin.kubeconfig .kube/config

[root@master ~]# oc login
Authentication required for https://master.lizard.com:8443 (openshift)
Username: system:admin
Password: 
Error from server: Internal error occurred: unexpected response: 500

[root@master ~]# oc login -u system:admin
Logged into "https://master.lizard.com:8443" as "system:admin" using existing credentials.

Using project "default".

You have access to the following projects and can switch between them with 'oc project <projectname>':

  * default (current)
  * openshift
  * openshift-infra


Actual results:
Error from server: Internal error occurred: unexpected response: 500

Expected results:
Logged into "https://master.lizard.com:8443" as "system:admin" using existing credentials.

Additional info:

This only happens when the -u option is not used the first time. 

This was tested with htpasswd auth
Comment 2 Jordan Liggitt 2015-10-01 17:25:54 EDT
To switch to an existing credentials, you must use "-u ...". Will look into preventing the 500 error
Comment 3 Jordan Liggitt 2015-11-12 16:58:04 EST
Fixed in origin in https://github.com/openshift/origin/pull/5726
Comment 4 Jordan Liggitt 2016-01-13 13:15:27 EST
Usernames with colons no longer attempt password auth
Comment 5 weiwei jiang 2016-01-14 02:57:07 EST
checked with devenv-centos7_3136, and still not work

# oc login 
Authentication required for https://172.18.8.193:8443 (openshift)
Username: system:admin
Password: 
error: username system:admin is invalid for basic auth
Comment 6 Jordan Liggitt 2016-01-14 08:31:05 EST
To switch to an existing credentials, you must use "-u ...". The bug that was fixed was the 500 error encountered if you try to use "system:admin" as a password login.

The "username system:admin is invalid for basic auth" error is working correctly if you attempt to use that username for a password login.
Comment 7 weiwei jiang 2016-01-15 00:47:59 EST
(In reply to Jordan Liggitt from comment #6)
> To switch to an existing credentials, you must use "-u ...". The bug that
> was fixed was the 500 error encountered if you try to use "system:admin" as
> a password login.
> 
> The "username system:admin is invalid for basic auth" error is working
> correctly if you attempt to use that username for a password login.

If so should be verified.
Comment 8 Salvatore Provvidenza 2016-01-22 06:42:43 EST
Hy guys, i have the same problem whit the last version of origin (openshift-origin-server-v1.1.1)

when i run this command : 

oc login localhost:8443 -usystem:admin

openshift requires password. I need to system:admin user but i don't know 
how to get permits to run :

oadm policy add-cluster-role-to-user cluster-admin admin

Do you have any idea to help me ?

thanks in advace.
Comment 9 Jordan Liggitt 2016-01-22 16:22:45 EST
system:admin credentials live in a client certificate. If you get prompted for a password, that means your $KUBECONFIG file does not contain those credentials. You need to locate the admin.kubeconfig file generated at server start and do
export KUBECONFIG=/path/to/admin.kubeconfig

Then you will be able to run cluster admin commands.
Comment 10 Salvatore Provvidenza 2016-01-25 05:05:44 EST
thanks, now work fine :D

Note You need to log in before you can comment on or make changes to this bug.